Abstract. We study the termination of rewriting modulo a set of equations in the Calculus of Algebraic Constructions, an extension of the Calculus of Constructions with functions and predicates defined by higher-order rewrite rules. In a previous work, we defined general syntactic conditions based on the notion of computability closure for ensuring the termination of the combination of rewriting and β-reduction.

Here, we show that this result is preserved when considering rewriting modulo a set of equations if the equivalence classes generated by these equations are finite, the equations are linear and satisfy general syntactic conditions also based on the notion of computability closure. This includes equations like associativity and commutativity and provides an original treatment of termination modulo equations.

1 Introduction 

The Calculus of Algebraic Constructions (CAC) [2, 3] is an extension of the Calculus of Constructions (CC) [9] with functions and predicates defined by (higher-order) rewrite rules. CC embodies in the same formalism Girard's polymorphic λ-calculus and De Bruijn's dependent types, which allows one to formalize propositions and proofs of (impredicative) higher-order logic. In addition, CAC allows functions and predicates to be defined by any set of (higher-order) rewrite rules. And, in contrast with (first-order) Natural Deduction Modulo [13], proofs are part of the terms.

Very general conditions are studied in [2,4] for preserving the decidability of type-checking and the logical consistency of such a system. But these conditions do not take into account rewriting modulo equations like associativity and commutativity (AC), which would be very useful in proof assistants like Coq [22] since it increases automation and decreases the size of proofs. We already used the rewriting engine of CiME [8], which allows rewriting modulo AC, for a prototype implementation of CAC, and now work on a new version of Coq including rewriting modulo AC. In this paper, we extend the conditions given in [2] to deal with rewriting modulo equations.

2 The Calculus of Algebraic Constructions 

We assume the reader familiar with typed λ-calculi [1] and rewriting [11]. The Calculus of Algebraic Constructions (CAC) [2] simply extends CC by considering a set $\mathcal{F}$ of symbols and a set $\mathcal{R}$ of rewrite rules. The terms of CAC are:

$t, u \in \mathcal{T} ::= s \mid x \mid f \mid [x : t]u \mid tu \mid (x : t)u$

where $s \in \mathcal{S} = \{\star, \square\}$ is a sort, $x \in \mathcal{X}$ a variable, $f \in \mathcal{F}$ a symbol, $[x : t]u$ an abstraction, $tu$ an application, and $(x : t)u$ a dependent product, written $t \Rightarrow u$ if $x$ does not freely occur in $u$.

The sort $\star$ denotes the universe of types and propositions, and the sort $\square$ denotes the universe of predicate types (also called kinds). For instance, the type $nat$ of natural numbers is of type $\star$, $\star$ itself is of type $\square$ and $nat \Rightarrow \star$, the type of predicates over $nat$, is of type $\square$.

We use bold face letters for denoting sequences of terms. For instance, $t$ is the sequence $t_1 \ldots t_n$ where $n = |t|$ is the length of $t$, and $(x : T)U$ is the term $(x_1 : T_1) \ldots (x_n : T_n)U$ (we implicitly assume that $|x| = |T| = n$).

We denote by $FV(t)$ the set of free variables of $t$, by $dom(\theta)$ the domain of a substitution $\theta$, by $Pos(t)$ the set of Dewey's positions of $t$, by $t|_p$ the subterm of $t$ at position $p$, and by $t[u]_p$ the replacement of $t|_p$ by $u$.

Every symbol $f$ is equipped with a sort $s_f$, an arity $\alpha_f$ and a type $\tau_f$ which may be any closed term of the form $(x : T)U$ with $|x| = \alpha_f$. The terms only built from variables and applications of the form $f t$ with $|t| = \alpha_f$ are algebraic.

A typing environment $\Gamma$ is an ordered list of type declarations $x : T$. If $f$ is a symbol of type $\tau_f = (x : T)U$, we denote by $\Gamma_f$ the environment $x : T$.

A rule for typing symbols is added to the typing rules of CC:

(symb) ──────────
         ⊢ f : τ_f

A rewrite rule is a pair $l \to r$ such that (1) $l$ is algebraic, (2) $l$ is not a variable, and (3) $FV(r) \subseteq FV(l)$. Only $l$ has to be algebraic: $r$ may contain applications, abstractions and products. This is a particular case of Combinatory Reduction System (CRS) [18] which does not need higher-order pattern-matching.

If $\mathcal{G} \subseteq \mathcal{F}$, $\mathcal{R}_\mathcal{G}$ is the set of rules whose left-hand side is headed by a symbol in $\mathcal{G}$. A symbol $f$ with $\mathcal{R}_{\{f\}} = \emptyset$ is constant, otherwise it is (partially) defined.

A rule is left-linear (resp. right-linear) if no variable occurs more than once in the left-hand side (resp. right-hand side). A rule is linear if it is both left-linear and right-linear. A rule is non-duplicating if no variable occurs more in the right-hand side than in the left-hand side.

A term $t$ $\mathcal{R}$-rewrites to a term $t'$, written $t \to_\mathcal{R} t'$, if there exists a position $p$ in $t$, a rule $l \to r \in \mathcal{R}$ and a substitution $\sigma$ such that $t|_p = l\sigma$ and $t' = t[r\sigma]_p$. A term $t$ β-rewrites to a term $t'$, written $t \to_\beta t'$, if there exists a position $p$ in $t$ such that $t|_p = ([x : U]v\ u)$ and $t' = t[v\{x \mapsto u\}]_p$. Given a relation $\to$ and a term $t$, let $\to(t) = \{t' \in \mathcal{T} \mid t \to t'\}$.

Finally, in CAC, $\beta\mathcal{R}$-equivalent types are identified. More precisely, in the type conversion rule of CC, $\downarrow_\beta$ is replaced by $\downarrow_{\beta\mathcal{R}}$:

(conv) $\dfrac{\Gamma \vdash t : T \quad T \downarrow_{\beta\mathcal{R}} T' \quad \Gamma \vdash T' : s}{\Gamma \vdash t : T'}$

where $u \downarrow_{\beta\mathcal{R}} v$ iff there exists a term $w$ such that $u \to^*_{\beta\mathcal{R}} w$ and $v \to^*_{\beta\mathcal{R}} w$, $\to^*_{\beta\mathcal{R}}$ being the reflexive and transitive closure of $\to_\beta \cup \to_\mathcal{R}$. This rule means that any term $t$ of type $T$ in the environment $\Gamma$ is also of type $T'$ if $T$ and $T'$ have a common reduct (and $T'$ is of type some sort $s$). For instance, if $t$ is a proof of $P(2 + 2)$ then $t$ is also a proof of $P(4)$ if $\mathcal{R}$ contains the following rules:

$x + 0 \to x$
$x + (s\ y) \to s\ (x + y)$

This decreases the size of proofs and increases automation as well. 

A substitution $\theta$ preserves typing from $\Gamma$ to $\Delta$, written $\theta : \Gamma \leadsto \Delta$, if, for all $x \in dom(\Gamma)$, $\Delta \vdash x\theta : x\Gamma\theta$, where $x\Gamma$ is the type associated to $x$ in $\Gamma$. Type-preserving substitutions enjoy the following important property: if $\Gamma \vdash t : T$ and $\theta : \Gamma \leadsto \Delta$ then $\Delta \vdash t\theta : T\theta$.

For ensuring the subject reduction property (preservation of typing under reduction), every rule $f l \to r$ is equipped with an environment $\Gamma$ and a substitution $\rho$ such that,¹ if $f : (x : T)U$ and $\gamma = \{x \mapsto l\}$ then $\Gamma \vdash f l \rho : U\gamma\rho$ and $\Gamma \vdash r : U\gamma\rho$. The substitution $\rho$ allows one to eliminate non-linearities only due to typing and thus makes rewriting more efficient and confluence easier to prove. For instance, the concatenation on polymorphic lists (type $list : \star \Rightarrow \star$ with constructors $nil : (A : \star) list A$ and $cons : (A : \star) A \Rightarrow list A \Rightarrow list A$) of type $(A : \star) list A \Rightarrow list A \Rightarrow list A$ can be defined by:

$app\ A\ (nil\ A')\ l' \to l'$
$app\ A\ (cons\ A'\ x\ l)\ l' \to cons\ A\ x\ (app\ A\ l\ l')$
$app\ A\ (app\ A'\ l\ l')\ l'' \to app\ A\ l\ (app\ A\ l'\ l'')$

with $\Gamma = A : \star, x : A, l : list A, l' : list A$ and $\rho = \{A' \mapsto A\}$. For instance, $app\ A\ (nil\ A')$ is not typable in $\Gamma$ (since $A' \notin dom(\Gamma)$) but becomes typable if we apply $\rho$. This does not matter since, if an instance $app\ A\sigma\ (nil\ A'\sigma)$ is typable then $A\sigma$ is convertible to $A'\sigma$.



3 Rewriting Modulo 

Now, we assume given a set $\mathcal{E}$ of equations $l = r$ which will be seen as a set of symmetric rules, that is, a set such that $l \to r \in \mathcal{E}$ iff $r \to l \in \mathcal{E}$. The conditions on rules imply that, if $l = r \in \mathcal{E}$, then (1) both $l$ and $r$ are algebraic, (2) both $l$ and $r$ are headed by a function symbol, (3) $l$ and $r$ have the same (free) variables. Examples of equations are:

$x + y = y + x$ (commutativity of $+$)

$x + (y + z) = (x + y) + z$ (associativity of $+$)

$x \times (y + z) = (x \times y) + (x \times z)$ (distributivity of $\times$)

$x + 0 = x$ (neutrality of $0$)

¹ Other conditions are necessary that we do not detail here.



$add\ A\ x\ (add\ A'\ y\ S) = add\ A\ y\ (add\ A'\ x\ S)$
$union\ A\ S\ S' = union\ A\ S'\ S$
$union\ A\ S\ (union\ A'\ S'\ S'') = union\ A\ (union\ A'\ S\ S')\ S''$

where $set : \star \Rightarrow \star$, $empty : (A : \star) set A$, $add : (A : \star) A \Rightarrow set A \Rightarrow set A$ and $union : (A : \star) set A \Rightarrow set A \Rightarrow set A$ formalize finite sets of elements of type $A$. Except for distributivity, which is not linear, and the equation $x + 0 = x$, whose equivalence classes are infinite, all the other equations will satisfy our strong normalization conditions. Note however that distributivity and neutrality can always be used as rules when oriented from left to right. Hence, the word problem for abelian groups or abelian rings, for instance, can be decided by using normalized rewriting [19].

On the other hand, the following expressions are not equations since left and right-hand sides have distinct sets of variables:

$x \times 0 = 0$ ($0$ is absorbing for $\times$)
$x + (-x) = 0$ (inverse)

Let $\sim$ be the reflexive and transitive closure of $\to_\mathcal{E}$ ($\sim$ is an equivalence relation since $\mathcal{E}$ is symmetric). We are now interested in the termination of $\blacktriangleright\ = \to_\beta \cup \sim\to_\mathcal{R}$ (instead of $\to_\beta \cup \to_\mathcal{R}$ before). In the following, we may denote $\to_\mathcal{E}$ by $\mathcal{E}$, $\to_\mathcal{R}$ by $\mathcal{R}$ and $\to_\beta$ by $\beta$.

In order to preserve all the basic properties of the calculus, we do not change the shape of the relation used in the type conversion rule (conv): two types $T$ and $T'$ are convertible if $T \downarrow^* T'$ with $\to\ = \to_\beta \cup \to_\mathcal{R} \cup \to_\mathcal{E}$. But this raises the question of how to check this condition, knowing that $\to$ may be not terminating. We study this problem in Section 6.

4 Conditions of strong normalization 

In the strong normalization conditions, we distinguish between first-order symbols (set $\mathcal{F}_1$) and higher-order symbols (set $\mathcal{F}_\omega$). To precisely define what is a first-order symbol, we need a little definition before. We say that a constant predicate symbol is primitive if it is not polymorphic and if its constructors have no functional arguments. This includes in particular any first-order data type (natural numbers, lists of natural numbers, etc.). Now, a symbol $f$ is first-order if it is a predicate symbol of maximal arity,² or if it is a function symbol whose output type is a primitive predicate symbol. Any other symbol is higher-order. Let $\mathcal{R}_\iota = \mathcal{R}_{\mathcal{F}_\iota}$ and $\mathcal{E}_\iota = \mathcal{E}_{\mathcal{F}_\iota}$ for $\iota \in \{1, \omega\}$.

Since the pioneer works on the combination of λ-calculus and first-order rewriting [7,20], it is well known that the addition at the object level of a strongly normalizing first-order rewrite system preserves strong normalization. This comes from the fact that first-order rewriting cannot create β-redexes. On the other hand, higher-order rewriting can create β-redexes. This is why we have other conditions on higher-order symbols than merely strong normalization. Furthermore, in order for the two systems to be combined without losing strong normalization [23], we also require first-order rules to be non-duplicating [21]. Note however that a first-order symbol can always be considered as higher-order (but the strong normalization conditions on higher-order symbols may not be powerful enough for proving the termination of its defining rules).

² A predicate symbol $f$ of type $(x : T)U$ is of maximal arity if $U = \star$, that is, if the elements of type $f t$ are not functions.

The strong normalization conditions on higher-order rewrite rules are based 
on the notion of computability closure [5]. We are going to use this notion for 
the equations too. 

Typed λ-calculi are generally proved strongly normalizing by using Tait and Girard's technique of computability predicates / reducibility candidates [14]. Indeed, a direct proof of strong normalization by induction on the structure of terms does not work. The idea of Tait, later extended by Girard to the polymorphic λ-calculus, is to strengthen the induction hypothesis as follows. To every type $T$, one associates a set $[\![T]\!] \subseteq \mathcal{SN}$ (set of strongly normalizing terms), and proves that every term of type $T$ is computable, that is, belongs to $[\![T]\!]$.

Now, if we extend such a calculus with rewriting, for preserving strong normalization, a rewrite rule has to preserve computability. The computability closure of a term $t$ is a set of terms that are computable whenever $t$ itself is computable. So, if the right-hand side $r$ of a rule $f l \to r$ belongs to the computability closure of $l$, a condition called the General Schema, then $r$ is computable whenever the terms in $l$ are computable.

Formally, the computability closure for a rule $(f l \to r, \Gamma, \rho)$ with $\tau_f = (x : T)U$ and $\gamma = \{x \mapsto l\}$ is the set of terms $t$ such that the judgment $\vdash_c t : U\gamma\rho$ can be deduced from the rules of Figure 1, where the variables of $dom(\Gamma)$ are considered as symbols ($\tau_x = x\Gamma$), $\geq_\mathcal{F}$ is a well-founded quasi-ordering (precedence) on symbols, with $x <_\mathcal{F} f$ for all $x \in dom(\Gamma)$, $>_f$ is the multiset or lexicographic extension³ of the subterm ordering⁴ $\triangleright$, and $T \downarrow_f T'$ iff $T$ and $T'$ have a common reduct by $\to_f\ = \to_\beta \cup \to_{\mathcal{R}_f}$ where $\mathcal{R}_f = \{g u \to v \in \mathcal{R} \mid g <_\mathcal{F} f\}$.

In addition, every variable $x \in dom(\Gamma)$ is required to be accessible in some $l_i$, that is, $x\sigma$ is computable whenever $l_i\sigma$ is computable. The arguments of a constructor-headed term are always accessible. For a function-headed term $f t$ with $f : (x : T)C v$ and $C$ constant, only the $t_i$'s such that $C$ occurs positively in $T_i$ are accessible ($X$ occurs positively in $Y \Rightarrow X$ and negatively in $X \Rightarrow Y$).

The relation $\vdash_c$ is similar to the typing relation $\vdash$ of CAC except that symbol applications are restricted to symbols smaller than $f$, or to arguments smaller than $l$ in the case of an application of a symbol equivalent to $f$. So, verifying that a rule satisfies the General Schema amounts to checking whether $r$ has type $U\gamma\rho$ with the previous restrictions on symbol applications. It therefore has the same complexity.



³ Or a simple combination thereof, depending on the status of $f$.

⁴ We use a more powerful ordering for dealing with recursive definitions on types whose constructors have functional arguments.



Fig. 1. Computability closure for $(f l \to r, \Gamma, \rho)$

Now, how can the computability closure help us in dealing with rewriting modulo equations? When one tries to prove that every term is computable, in the case of a term $f t$, it is sufficient to prove that every reduct of $f t$ is computable. In the case of a head-reduct $f l\sigma \to r\sigma$, this follows from the fact that $r$ belongs to the computability closure of $l$ since, by induction hypothesis, the terms in $l\sigma$ are computable.

Now, with rewriting modulo, an $\mathcal{R}$-step can be preceded by $\mathcal{E}$-steps: $f t \to^*_\mathcal{E} g u \to_\mathcal{R} t'$. To apply the previous method with $g u$, we must prove that the terms in $u$ are computable. This can be achieved by assuming that the equations also satisfy the General Schema in the following sense: an equation $(f l \to g m, \Gamma, \rho)$ with $\tau_g = (x : T)U$ and $\gamma = \{x \mapsto m\}$ satisfies the General Schema if, for all $i$, $\vdash_c m_i : T_i\gamma\rho$, that is, the terms in $m$ belong to the computability closure of $l$. By symmetry, the terms in $l$ belong to the computability closure of $m$.

One can easily check that this condition is satisfied by commutativity (whatever the type of $+$ is) and associativity (if both $y$ and $z$ are accessible in $y + z$):

$x + y = y + x$
$x + (y + z) = (x + y) + z$

For commutativity, this is immediate and does not depend on the type of $+$: both $y$ and $x$ belong to the computability closure of $x$ and $y$.

For associativity, we must prove that both $x + y$ and $z$ belong to the computability closure $CC$ of $x$ and $y + z$. If we assume that both $y$ and $z$ are accessible in $y + z$ (which is the case for instance if $+ : nat \Rightarrow nat \Rightarrow nat$), then $z$ belongs to $CC$ and, by using a multiset status for comparing the arguments of $+$, $x + y$ belongs to $CC$ too since $\{x, y\} <_{mul} \{x, y + z\}$.
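To make the check concrete, the following Python script (an added example; it is not code from the paper nor from the CiME or Coq implementations it mentions) encodes the General Schema test described above for $+ : nat \Rightarrow nat \Rightarrow nat$: arguments of recursive calls to $+$ must be smaller than the left-hand side arguments in the multiset extension of the subterm ordering, and variables must be accessible, which for $nat$ is every variable of the left-hand side. The term encoding, the symbol names and the linearity test are assumptions of the example.

```python
"""General Schema check for rules and equations on + : nat => nat => nat."""
from collections import Counter

# Term encoding (constructed for this example, not the paper's notation):
# a variable is a str; a symbol application is a tuple (symbol, arg1, ..., argn).
# '0' and 's' are the constructors of nat; '+' is the only defined symbol, so
# the precedence is just 0, s < +.
CONSTRUCTORS = {'0', 's'}

def is_var(t):
    return isinstance(t, str)

def var_occurrences(t):
    """Multiset of variable occurrences in t (used for the linearity test)."""
    if is_var(t):
        return Counter([t])
    return sum((var_occurrences(a) for a in t[1:]), Counter())

def is_linear(l, r):
    """Linear: no variable occurs twice in l, and none occurs twice in r."""
    return all(c == 1 for c in var_occurrences(l).values()) and \
           all(c == 1 for c in var_occurrences(r).values())

def strict_subterm(a, b):
    """a is a strict subterm of b (the subterm ordering the paper writes >)."""
    return (not is_var(b)) and any(a == c or strict_subterm(a, c) for c in b[1:])

def mul_lt(ms, ns):
    """Multiset extension of the strict subterm ordering: cancel common elements,
    then every element left in ms must be below some element left in ns."""
    m, n = Counter(ms), Counter(ns)
    common = m & n
    m, n = m - common, n - common
    return bool(n) and all(any(strict_subterm(a, b) for b in n) for a in m)

def accessible_vars(largs):
    # Assumption of the example: + : nat => nat => nat with nat primitive, so
    # every argument position is accessible and every lhs variable is accessible.
    return set().union(*(set(var_occurrences(a)) for a in largs))

def in_closure(t, f, largs):
    """t belongs to the computability closure of the arguments `largs` of an
    f-headed left-hand side: accessible variables, constructor applications with
    computable arguments, and calls to f whose arguments are smaller than `largs`
    in the multiset extension of the subterm ordering (multiset status for f)."""
    if is_var(t):
        return t in accessible_vars(largs)
    head, args = t[0], list(t[1:])
    if head in CONSTRUCTORS:
        return all(in_closure(a, f, largs) for a in args)
    if head == f:
        return mul_lt(args, largs) and all(in_closure(a, f, largs) for a in args)
    return False  # no other symbol is below + in this example's precedence

def rule_ok(l, r):
    """General Schema for a rule f l -> r: r is in the closure of l."""
    return in_closure(r, l[0], list(l[1:]))

def equation_ok(l, r):
    """An equation f l = g m satisfies the schema if every m_i is in the closure
    of l and, by symmetry, every l_i is in the closure of m; Theorem 1 also
    requires the equation to be linear, so that is checked first."""
    if not is_linear(l, r):
        return False
    forward = all(in_closure(m_i, l[0], list(l[1:])) for m_i in r[1:])
    backward = all(in_closure(l_i, r[0], list(r[1:])) for l_i in l[1:])
    return forward and backward

if __name__ == "__main__":
    comm = (('+', 'x', 'y'), ('+', 'y', 'x'))
    assoc = (('+', 'x', ('+', 'y', 'z')), ('+', ('+', 'x', 'y'), 'z'))
    print("commutativity:", equation_ok(*comm))
    print("associativity:", equation_ok(*assoc))
```

Distributivity is rejected by the linearity test alone, and an equation such as $x + y = (x + y) + 0$ is rejected because $\{x, y\}$ is not strictly below $\{x, y\}$ in the multiset ordering.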

We now give all the strong normalization conditions. 

Theorem 1 (Strong normalization of $\beta \cup \sim\mathcal{R}$). Let $\sim_1$ be the reflexive and transitive closure of $\mathcal{E}_1$. The relation $\blacktriangleright\ = \to_\beta \cup \sim\to_\mathcal{R}$ is strongly normalizing if the following conditions adapted from [2] are satisfied:

• $\to\ = \to_\beta \cup \to_\mathcal{R} \cup \to_\mathcal{E}$ is confluent,⁵

• the rules of $\mathcal{R}_1$ are non-duplicating,⁶ $\mathcal{R}_1 \cap \mathcal{F}_\omega = \mathcal{E}_1 \cap \mathcal{F}_\omega = \emptyset$,⁷ and $\sim_1\to_{\mathcal{R}_1}$ is strongly normalizing on first-order algebraic terms,

• the rules of $\mathcal{R}_\omega$ satisfy the General Schema and are safe,⁸

• rules on predicate symbols have no critical pair, satisfy the General Schema⁹ and are small,¹⁰

and if the following new conditions are satisfied too:

• there is no equation on predicate symbols,

• $\mathcal{E}$ is linear,

• the equivalence classes modulo $\sim$ are finite,

• every rule $(f l \to g m, \Gamma, \rho) \in \mathcal{E}$ satisfies the General Schema in the following sense: if $\tau_g = (x : T)U$ and $\gamma = \{x \mapsto m\}$ then, for all $i$, $\vdash_c m_i : T_i\gamma\rho$.

Not allowing equations on predicate symbols is an important limitation. However, one cannot have equations on connectors if one wants to preserve the Curry-Howard isomorphism. For instance, with commutativity on $\wedge$, one loses subject reduction. Take $\wedge : \star \Rightarrow \star \Rightarrow \star$, $pair : (A : \star)(B : \star) A \Rightarrow B \Rightarrow A \wedge B$ and $\pi_1 : (A : \star)(B : \star) A \wedge B \Rightarrow A$ defined by $\pi_1\ A\ B\ (pair\ A'\ B'\ a\ b) \to a$. Then, $\pi_1\ B\ A\ (pair\ A\ B\ a\ b)$ is of type $B$ but $a$ is not.

5 Strong normalization proof

The strong normalization proof follows the one given in [6] very closely.¹¹ We only give the definitions and lemmas that must be modified. As previously explained, the strong normalization is obtained by defining an interpretation $[\![T]\!] \subseteq \mathcal{SN}$ for every type $T$, and by proving that every term of type $T$ belongs to $[\![T]\!]$.

⁵ If there are type-level rewrite rules.

⁶ If there are higher-order rules.

⁷ First-order rules/equations only contain first-order symbols.

⁸ No pattern-matching on predicates.

⁹ There are other possibilities. See [2] for more details.

¹⁰ A rule $f l \to r$ is small if every predicate variable in $r$ is equal to one of the $l_i$'s.

¹¹ The proof given in [6] is an important simplification of the one given in [2].

More precisely, for every type $T$, we define the set $\mathcal{R}_T$ of the possible interpretations, or candidates, for the terms of type $T$. $\mathcal{R}_{(x:U)V}$ is the set of functions $R$ from $\mathcal{T} \times \mathcal{R}_U$ to $\mathcal{R}_V$ that are stable by reduction: if $u \to u'$ then $R(u, S) = R(u', S)$. A term $t$ is neutral if it is distinct from an abstraction or a constructor. $\mathcal{R}_\star$ is the set of sets $R \subseteq \mathcal{T}$ such that:

(R1) Strong normalization: $R \subseteq \mathcal{SN}$.

(R2) Stability by reduction: if $t \in R$ then $\to(t) \subseteq R$.

(R3) Neutral terms: if $t$ is neutral and $\to(t) \subseteq R$ then $t \in R$.

Candidates form a complete lattice. A candidate assignment $\xi$ is a function which associates a candidate to every variable. Given an interpretation $I$ for predicate symbols, a candidate assignment $\xi$ and a substitution $\theta$, the interpretation of a type $T$, written $[\![T]\!]^I_{\xi,\theta}$, is defined in [4]. The elements of $[\![T]\!]^I_{\xi,\theta}$ are said computable. A pair $(\xi, \theta)$ is $\Gamma$-valid, written $\xi, \theta \models \Gamma$, if, for all $x \in dom(\Gamma)$, $x\xi \in \mathcal{R}_{x\Gamma\theta}$ and $x\theta \in [\![x\Gamma]\!]^I_{\xi,\theta}$.

Then, strong normalization is obtained by defining an interpretation $I_f \in \mathcal{R}_{\tau_f}$ for every predicate symbol $f$, and by proving that every symbol $f$ is computable, that is, $f \in [\![\tau_f]\!]$. If $\tau_f = (x : T)U$, it amounts to check that, for all $\Gamma_f$-valid pair $(\xi, \theta)$, $f x\theta \in [\![U]\!]_{\xi,\theta}$. For the interpretation, we keep the one for constant predicate symbols given in [6] but slightly modify the interpretation of defined predicate symbols for taking into account the new reduction relation.

Although we do not change the interpretation of constant predicate symbols, we must check that the interpretation of primitive predicate symbols is still $\mathcal{SN}$ (hence that, for primitive predicate symbols, computability is equivalent to strong normalization), since this property is used for proving that a terminating and non-duplicating (if there are higher-order rewrite rules) first-order rewrite system preserves strong normalization. The verification of the former property is easy. We now prove the latter.

Lemma 2. [16] If the $\sim$-classes are finite then $\sim\triangleright$ is strongly normalizing.

Proof. We prove that $(\sim\triangleright)^n \subseteq \sim\triangleright^n$ by induction on $n$. For $n = 0$, this is immediate. For $n + 1$, $(\sim\triangleright)^{n+1} \subseteq \sim\triangleright\sim\triangleright^n \subseteq \sim\triangleright\triangleright^n \subseteq \sim\triangleright^{n+1}$. □

Lemma 3. [12] If $t \in \mathcal{SN}(\beta)$ and $t \to_{\mathcal{R}_1} u$ then $\beta(t) \to^*_{\mathcal{R}_1} \beta(u)$.

Proof. Dougherty proves this result in [12] (Proposition 4.6 and Theorem 4.7) for the untyped λ-calculus. The proof can clearly be extended to the Calculus of Algebraic Constructions. We inductively define $\twoheadrightarrow$ as follows:

• $a \twoheadrightarrow a$;

• if $l \to r \in \mathcal{R}_1$ and $\sigma \twoheadrightarrow \theta$ then $l\sigma \twoheadrightarrow r\theta$;

• if $a \twoheadrightarrow b$ and $c \twoheadrightarrow d$ then $ac \twoheadrightarrow bd$, $[x : a]c \twoheadrightarrow [x : b]d$ and $(x : a)c \twoheadrightarrow (x : b)d$;

• if $a \twoheadrightarrow b$ then $fa \twoheadrightarrow fb$.

We now prove that, if $t \to_\beta t'$ and $t \twoheadrightarrow u$ then there exist $t''$ and $u'$ such that $t' \to^*_\beta t'' \twoheadrightarrow u'$ and $u \to^*_\beta u'$, by induction on $t \twoheadrightarrow u$.

• $u = t$. Immediate.

• $t = l\sigma$, $u = r\theta$ and $\sigma \twoheadrightarrow \theta$. Since left-hand sides of rules are algebraic, the β-reduction must take place in an occurrence of a variable $x \in FV(l)$. Let $v'$ be the β-reduct of $x\sigma$. By induction hypothesis, there exist $v''$ and $w$ such that $v' \to^*_\beta v'' \twoheadrightarrow w$ and $x\theta \to^*_\beta w$. Let $\sigma''$ such that $x\sigma'' = v''$ and $y\sigma'' = y\sigma$ if $y \neq x$, and $\theta'$ such that $x\theta' = w$ and $y\theta' = y\theta$ if $y \neq x$. We have $\sigma'' \twoheadrightarrow \theta'$. By β-reducing all the instances of the occurrences of $x$ in $l$ to $v''$, we get $t' \to^*_\beta l\sigma'' \twoheadrightarrow r\theta'$ and, by reducing all the instances of the occurrences of $x$ in $r$ to $w$, we get $u = r\theta \to^*_\beta r\theta'$.

• Assume that $t = [x : a]c\ k$, $u = v\ l$, $[x : a]c \twoheadrightarrow v$, $k \twoheadrightarrow l$ and $t' = c\{x \mapsto k\}$. Then, $v = [x : b]d$ with $a \twoheadrightarrow b$ and $c \twoheadrightarrow d$. Therefore, $c\{x \mapsto k\} \twoheadrightarrow d\{x \mapsto l\}$ and $u \to_\beta d\{x \mapsto l\}$.

Assume now that $t = ac$, $u = bd$, $a \twoheadrightarrow b$, $c \twoheadrightarrow d$ and $a \to_\beta a'$. The other cases are similar. By induction hypothesis, there exist $a''$ and $b'$ such that $a' \to^*_\beta a'' \twoheadrightarrow b'$ and $b \to^*_\beta b'$. Therefore, $a'c \to^*_\beta a''c \twoheadrightarrow b'd$ and $bd \to^*_\beta b'd$.

• $t = fa$, $u = fb$ and $a \twoheadrightarrow b$. Then, there is $i$ such that $t' = fa'$, $a_i \to_\beta a'_i$ and $a_j = a'_j$ if $j \neq i$. By induction hypothesis, there exist $a''_i$ and $b'_i$ such that $a'_i \to^*_\beta a''_i \twoheadrightarrow b'_i$ and $b_i \to^*_\beta b'_i$. Let $a''_j = a_j$ and $b'_j = b_j$ if $j \neq i$. Then, $a'' \twoheadrightarrow b'$, $t' = fa' \to^*_\beta fa'' \twoheadrightarrow fb'$ and $u = fb \to^*_\beta fb'$.

Now, since $t$ is β-strongly normalizable, we can prove the lemma by induction on . If $t$ is in β-normal form then $u$ also is in β-normal form since reductions preserve β-normal forms. Hence, $\beta(t) = t \twoheadrightarrow u = \beta(u)$. Now, if $t \to_\beta t'$ then there exist $t''$ and $u'$ such that $t' \to^*_\beta t'' \twoheadrightarrow u'$ and $u \to^*_\beta u'$. By induction hypothesis, $\beta(t'') \twoheadrightarrow \beta(u')$. Therefore, $\beta(t) \twoheadrightarrow \beta(u)$. □

Definition 4 (Cap and aliens). Let $\zeta$ be an injection from the classes of terms modulo $\downarrow^*$ to $\mathcal{X}$. The cap of a term $t$ is the biggest first-order algebraic term $cap(t) = t[x_1]_{p_1} \ldots [x_n]_{p_n}$ such that $x_i = \zeta(t|_{p_i})$. The $t|_{p_i}$'s are called the aliens of $t$. We denote by $\beta(t)$ the β-normal form of $t$, by $cap\beta(t)$ the cap of $\beta(t)$, by $Cap(t)$ (resp. $Cap\beta(t)$) the $\sim_1$-equivalence class of $cap(t)$ (resp. $cap\beta(t)$), by $aliens(t)$ the multiset of the aliens of $t$, and by $Aliens(t)$ the multiset union of the (finite) $\sim$-equivalence classes of the aliens of $t$.

Theorem 5 (Computability of first-order symbols). If $f \in \mathcal{F}_1$ and $t \in \mathcal{SN}$ then $f t \in \mathcal{SN}$.

Proof. We prove that every ►-reduct $t'$ of $t = f t$ is strongly normalizable. In the following, $(>_a, >_b)_{lex}$ denotes the lexicographic ordering built with $>_a$ and $>_b$, and $>_{mul}$ denotes the multiset extension of $>$.

Case $\mathcal{R}_\omega \neq \emptyset$. By induction on $(Aliens(t), Cap(t))$ with $((\to_\beta\sim \cup \to_\mathcal{R}\sim \cup \triangleright\sim)_{mul}, (\to_{\mathcal{R}_1}\sim_1)_{mul})_{lex}$ as well-founded ordering. It is easy to see that the aliens are strongly normalizable for $\to_\beta\sim$, $\to_\mathcal{R}\sim$ and $\triangleright\sim$ since they are so for $\sim\to_\beta$ (Lemma 7), $\sim\to_\mathcal{R}$ and $\sim\triangleright$ (Lemma 2) respectively.

If $t \to_\beta t'$ then the reduction takes place in an alien $v$. Let $v'$ be its β-reduct. If $v'$ is not headed by a symbol of $\mathcal{F}_1$ then $Aliens(t)\ (\to_\beta\sim)_{mul}\ Aliens(u)$. Otherwise, its cap increases the cap of $t'$ but, since the aliens of $t'$ are then strict subterms of $v'$, we have $Aliens(t)\ (\to_\beta\sim \cup \triangleright\sim)_{mul}\ Aliens(u)$.

Assume now that $t \to^*_\mathcal{E} u \to_\mathcal{R} t'$. We first look at what happens when $t \to_\mathcal{E} u$. There are two cases:

• If the reduction takes place in the cap then this is an $\mathcal{E}_1$-reduction. Since both the left-hand side and the right-hand side of a first-order rule are first-order algebraic terms, we have $cap(t) \to_{\mathcal{E}_1} cap(u)$ and, since the rules of $\mathcal{E}$ are linear, we have $aliens(t) = aliens(u)$.

• If the reduction takes place in an alien then $cap(t) = cap(u)$ and $aliens(t)\ (\to_\mathcal{E})_{mul}\ aliens(u)$.

So, in both cases, $Cap(t) = Cap(u)$ and $Aliens(t) = Aliens(u)$. Therefore, by induction on the number of $\mathcal{E}$-steps, if $t \to^*_\mathcal{E} u$ then $Cap(t) = Cap(u)$ and $Aliens(t) = Aliens(u)$. We now look at the $\mathcal{R}$-reduction. There are two cases:

• If the reduction takes place in the cap then it is an $\mathcal{R}_1$-reduction. Since both the left-hand side and the right-hand side of a first-order rule are first-order algebraic terms, we have $cap(u) \to_{\mathcal{R}_1} cap(t')$ and, since the rules of $\mathcal{R}_1$ are non-duplicating, we have $aliens(u) \supseteq aliens(t')$. If $aliens(u) \supset aliens(t')$ then $Aliens(u) \supset Aliens(t')$. Otherwise, $Cap(u)\ (\to_{\mathcal{R}_1}\sim_1)_{mul}\ Cap(t')$.

• If the reduction takes place in an alien then, as in the case of a β-reduction, we have $Aliens(t)\ (\to_\mathcal{R}\sim \cup \triangleright\sim)_{mul}\ Aliens(u)$.

Case $\mathcal{R}_\omega = \emptyset$. Since the $t_i$'s are strongly normalizable and no β-reduction can take place at the top of $t$, $t$ has a β-normal form. We prove that every reduct $t'$ of $t$ is strongly normalizable, by induction on $(Cap\beta(t), Aliens(t))$ with $((\to_{\mathcal{R}_1}\sim_1)_{mul}, (\to_\beta\sim \cup \to_\mathcal{R}\sim \cup \triangleright\sim)_{mul})_{lex}$ as well-founded ordering.

If $t \to_\beta t'$ then $cap\beta(t) = cap\beta(t')$ and, as seen in the previous case, $Aliens(t)\ (\to_\beta\sim \cup \triangleright\sim)_{mul}\ Aliens(u)$.

Otherwise, $t \to^*_\mathcal{E} u \to_\mathcal{R} t'$. As seen in the previous case, $cap(t) = cap(u)$ and $Aliens(t) = Aliens(u)$. Since β and $\mathcal{E}$ commute and $\mathcal{E}$ preserves β-normal forms, we have $cap\beta(t) = cap\beta(u)$ and thus $Cap\beta(t) = Cap\beta(u)$. We now look at the $\mathcal{R}_1$-reduction. There are two cases:

• The reduction takes place in the cap. Since both the left-hand side and the right-hand side of a first-order rule are first-order algebraic terms, we have $cap(u) \to_{\mathcal{R}_1} cap(t')$ and, since β-reductions cannot reduce the cap, we have $cap\beta(u) \to_{\mathcal{R}_1} cap\beta(t')$ and thus $Cap\beta(t)\ (\to_{\mathcal{R}_1}\sim_1)_{mul}\ Cap\beta(t')$.

• If the reduction takes place in an alien then $Aliens(t)\ (\to_\mathcal{R}\sim)_{mul}\ Aliens(u)$ and, after Lemma 3, $\beta(u) \to^*_{\mathcal{R}_1} \beta(t')$. Therefore, $cap\beta(u) \to^*_{\mathcal{R}_1} cap\beta(t')$ and $Cap\beta(u)\ (\to_{\mathcal{R}_1}\sim_1)_{mul}\ Cap\beta(t')$. □

We now come to the interpretation of defined predicate symbols. Let $f$ be a defined predicate of type $(x : T)U$. We define $I_f(t, S)$ by induction on $t, S$ as follows. If there exists a rule $(f l \to r, \Gamma, \rho)$ and a substitution $\sigma$ such that $t \blacktriangleright^* \sim l\sigma$ and $l\sigma$ is in ►-normal form, then $I_f(t, S) = [\![r]\!]_{\xi,\sigma}$ with $\sigma = \{x \mapsto t\}$ and $x\xi = S_{\kappa_x}$ where $\kappa_x$ is given by smallness. Otherwise, we take the greatest element of $\mathcal{R}_U$.

We must make sure that the definition does not depend on the choice of the rule. Assume that there is another rule $(f l' \to r', \Gamma', \rho')$ and a substitution $\sigma'$ such that $t \blacktriangleright^* \sim l'\sigma'$ in normal form. By confluence and Lemma 10, we have $l\sigma \sim l'\sigma'$. Since $\to$ is confluent and rules on predicate symbols have no critical pair, there exists $\sigma''$ such that $\sigma \to^*_\mathcal{E} \sigma''$, $\sigma' \to^*_\mathcal{E} \sigma''$ and $l\sigma'' = l'\sigma''$. Therefore, for the same reason, we must have $l = l'$ and $r = r'$.

Finally, we check that the interpretation is stable by reduction: if $t \to t'$ then, since $\to$ is confluent, $t$ has a ►-normal form iff $t'$ has a ►-normal form too.

We now prove the computability of higher-order symbols. 

Theorem 6 (Computability of higher-order symbols). If $f \in \mathcal{F}_\omega$, $\tau_f = (x : T)U$ and $\xi, \theta \models \Gamma_f$ then $f x\theta \in [\![U]\!]_{\xi,\theta}$.

Proof. The proof follows the one given in [6] except that $\to$ is replaced by ►. We examine the different ►-reducts of $f x\theta$. If this is a β-reduction, it must take place in one $x_i\theta$ and we can conclude by induction hypothesis. Otherwise, we have $f x\theta \to^*_\mathcal{E} g u \to_\mathcal{R} t'$. Since the equations satisfy the General Schema, the $u_i$'s are computable. Now, if the $\mathcal{R}$-reduction takes place in one $u_i$, we can conclude by induction hypothesis. Otherwise, this is a head-$\mathcal{R}$-reduction and we can conclude by correctness of the computability closure. □

6 Confluence 

We now study the confluence of $\to$ and the decidability of $\downarrow^*$. Let $R$ be a relation. $\overleftarrow{R}$, $R^+$, $R^*$ respectively denote the inverse, the transitive closure, and the reflexive and transitive closure of $R$. Composition is denoted by juxtaposition.

- $R$ is confluent if $\overleftarrow{R}^* R^* \subseteq R^* \overleftarrow{R}^*$.

- $R$ is confluent modulo $\sim$ or $\sim$-confluent¹² if $\overleftarrow{R}^* R^* \subseteq R^* \sim \overleftarrow{R}^*$.

- $R$ is $\sim$-confluent on $\sim$-classes if $\overleftarrow{R}^* \sim R^* \subseteq R^* \sim \overleftarrow{R}^*$.

- $R$ is locally confluent if $\overleftarrow{R} R \subseteq R^* \overleftarrow{R}^*$.

- $R$ is locally $\sim$-confluent if $\overleftarrow{R} R \subseteq R^* \sim \overleftarrow{R}^*$.

- $R$ is locally $\sim$-confluent on $\sim$-classes if $\overleftarrow{R} \sim R \subseteq R^* \sim \overleftarrow{R}^*$.

- $R$ is locally $\sim$-coherent if $\mathcal{E} R \subseteq R^* \sim \overleftarrow{R}^*$.

- $R$ and $S$ commute if $RS \subseteq SR$.

- $R$ $\sim$-commutes on $\sim$-classes if $\overleftarrow{R} \sim R \subseteq R \sim \overleftarrow{R}$.

Lemma 7. If $\mathcal{E}$ is linear then $\sim$ commutes with β and ►.

Proof. Assume that $t \to_{\beta,p} u$ (β-reduction at position $p$) and $t \to_{\mathcal{E},q} v$ ($\mathcal{E}$-reduction at position $q$). There are several cases depending on the relative positions of the different reductions.

• $p$ and $q$ have no common prefix. Then the reductions clearly commute and $\mathcal{E}\beta \subseteq \beta\mathcal{E}$ in this case (remember that $\overleftarrow{\mathcal{E}} = \mathcal{E}$).

¹² The definitions of confluence modulo and local confluence modulo are those of [16]. They differ from Huet's definition [15]. Huet's confluence modulo corresponds to our confluence modulo on equivalence classes, but Huet's local confluence modulo does not correspond to our local confluence modulo on equivalence classes.



• $p = q$: not possible since left-hand sides of rules are algebraic and distinct from a variable.

• $p < q$: $t|_p = [x : A]b\ a$ and $u = t[b\theta]_p$ with $\theta = \{x \mapsto a\}$.

- Reduction in $A$: $v = t[[x : A']b\ a]_p$ with $A \to_\mathcal{E} A'$. Then, $v \to_\beta u$ and $\mathcal{E}\beta \subseteq \beta$.

- Reduction in $b$: $v = t[[x : A]b'\ a]_p$ with $b \to_\mathcal{E} b'$. Then, $v \to_\beta t[b'\theta]_p\ {}_\mathcal{E}\!\leftarrow u$ and $\mathcal{E}\beta \subseteq \beta\mathcal{E}$.

- Reduction in $a$: $v = t[[x : A]b\ a']_p$ with $a \to_\mathcal{E} a'$. Let $\theta' = \{x \mapsto a'\}$. Then, $v \to_\beta t[b\theta']_p\ {}^*_\mathcal{E}\!\leftarrow u$ and $\mathcal{E}\beta \subseteq \beta\mathcal{E}^*$.

• $p > q$: $t = t[l\sigma]_q$ and $v = t[r\sigma]_q$. Since left-hand sides of rules are algebraic, there is one occurrence of a variable $x \in FV(l)$ such that $x\sigma \to_\beta w$. Let $\sigma'$ be the substitution such that $x\sigma' = w$ and $y\sigma' = y\sigma$ if $y \neq x$. Let $a$ (resp. $b$) be the number of occurrences of $x$ in $l$ (resp. $r$). Then, $u \to^{a-1}_\beta t[l\sigma']_q \to_\mathcal{E} t[r\sigma']_q\ {}^b_\beta\!\leftarrow v$. Since $\mathcal{E}$ is linear, we have $a = b = 1$ and thus $\mathcal{E}\beta \subseteq \beta\mathcal{E}$.

In conclusion, in every case, we have $\mathcal{E}\beta \subseteq \beta\mathcal{E}^*$. By induction on the number of $\mathcal{E}$-steps, we get $\mathcal{E}^*\beta \subseteq \beta\mathcal{E}^*$, that is, $\sim\beta \subseteq \beta\sim$. Therefore, $\sim\blacktriangleright \subseteq \blacktriangleright\sim$ since $\blacktriangleright\ = \beta \cup \sim\mathcal{R}$, $\sim\beta \subseteq \beta\sim \subseteq \blacktriangleright\sim$ and $\sim\mathcal{R} \subseteq \blacktriangleright\sim$. □

Corollary 8. If $\mathcal{E}$ is linear and $t \in \mathcal{SN}(\beta)$ then $t \in \mathcal{SN}(\sim\beta)$.

Proof. Assume that $t \in \mathcal{SN}(\beta)$. We prove that $(\sim\beta)^n \subseteq \beta^n\sim$ by induction on $n$. For $n = 0$, this is immediate. For $n + 1$, $(\sim\beta)^{n+1} = (\sim\beta)^n\sim\beta \subseteq \beta^n\sim\beta \subseteq \beta^n\beta\sim$. Therefore, $t \in \mathcal{SN}(\sim\beta)$. □

Lemma 9. If $\mathcal{E}$ is linear then $\to^* \subseteq \blacktriangleright^*\sim$ and $\downarrow\ = \blacktriangleright^* \sim \blacktriangleleft^*$.

Proof. $\to^* \subseteq (\beta \cup \mathcal{E} \cup \mathcal{R})^*$. Since $\sim\beta^* \subseteq \beta^*\sim$ and $\sim\sim\mathcal{R} \subseteq \sim\mathcal{R}$, every $\mathcal{E}$-step of such a sequence can be pushed to the right of the β- and $\mathcal{R}$-steps, leaving a sequence of $\beta$-steps and $\sim\mathcal{R}$-steps followed by $\sim$. Therefore, $\to^* \subseteq \blacktriangleright^*\sim$. □

Lemma 10. If $\mathcal{E}$ is linear then the following propositions are equivalent: $\to$ is confluent, ► is $\sim$-confluent, ► is $\sim$-confluent on $\sim$-classes.

Proof. Since $\mathcal{E}$ is linear, we have $\to^* \subseteq \blacktriangleright^*\sim$ and $\leftarrow^* \subseteq \sim\blacktriangleleft^*$. We prove that ► is $\sim$-confluent if $\to$ is confluent: $\blacktriangleleft^*\blacktriangleright^* \subseteq \leftarrow^*\to^* \subseteq \to^*\leftarrow^* \subseteq \blacktriangleright^*\sim\sim\blacktriangleleft^* \subseteq \blacktriangleright^*\sim\blacktriangleleft^*$. We prove that $\to$ is confluent if ► is $\sim$-confluent: $\leftarrow^*\to^* \subseteq \sim\blacktriangleleft^*\blacktriangleright^*\sim \subseteq \sim\blacktriangleright^*\sim\blacktriangleleft^*\sim \subseteq \blacktriangleright^*\sim\sim\sim\blacktriangleleft^* \subseteq \to^*\leftarrow^*$. We now prove that ► is $\sim$-confluent on $\sim$-classes if ► is $\sim$-confluent (the inverse is trivial): $\blacktriangleleft^*\sim\blacktriangleright^* \subseteq \blacktriangleleft^*\blacktriangleright^*\sim \subseteq \blacktriangleright^*\sim\blacktriangleleft^*\sim \subseteq \blacktriangleright^*\sim\blacktriangleleft^*$. □

Theorem 11. Type-checking is decidable if $\blacktriangleright$ is weakly normalizing, $\mathcal R$ is finitely branching, $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes, $\mathcal E$ is linear and $\sim$ is decidable.

Proof. Type-checking is deciding whether a term $t$ has type $T$ in an environment $\Gamma$. A type for $t$ can be easily inferred. Then, one checks that it is equivalent to $T$ (see [10] for more details). Thus, we are left to prove that $\downarrow^*$ is decidable. Since $\mathcal E$ is linear and $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes, by Lemma 10, $\to$ is confluent and $\downarrow^* = \downarrow$. Since $\mathcal E$ is linear, by Lemma 9, $\downarrow = \blacktriangleright^*\sim\blacktriangleleft^*$. Since $\blacktriangleright$ is weakly normalizing and finitely branching ($\sim$-classes are finite and $\beta$ and $\mathcal R$ are finitely branching), one can define a function $nf$ computing a $\blacktriangleright$-normal form of a term: a breadth-first enumeration of the reducts terminates because some branch reaches a normal form. We prove that $t \downarrow^* u$ only if $nf(t) \sim nf(u)$ (the converse is trivial). Assume that $t \blacktriangleright^* t' \sim u' \blacktriangleleft^* u$. Since $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes and $nf(t)$ and $nf(t')$ are both normal forms of $t$, we have $nf(t) \sim nf(t')$, and likewise $nf(u') \sim nf(u)$; hence $nf(t) \sim nf(t') \blacktriangleleft^* t' \sim u' \blacktriangleright^* nf(u') \sim nf(u)$. Again, since $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes, there exist $t''$ and $u''$ such that $nf(t) \sim nf(t') \blacktriangleright^* t'' \sim u'' \blacktriangleleft^* nf(u') \sim nf(u)$. Since $nf(t')$ and $nf(u')$ are normal forms, $t'' = nf(t')$ and $u'' = nf(u')$, and we have $nf(t) \sim nf(u)$. $\square$
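As an added illustration, not part of the paper, the following Python models the decision procedure of this proof on a toy first-order system: Peano addition as $\mathcal R$, and commutativity of $\mathit{plus}$ as the single linear equation $\mathcal E$, whose $\sim$-classes are finite. There is no $\beta$ here, so $\blacktriangleright$ is just $\sim\mathcal R$. The term encoding, the rule set and all function names are this example's own assumptions.

```python
"""Added example (not from the paper): the decision procedure behind Theorem 11
on a toy first-order system.

Terms are nested tuples: ('0',), ('s', t), ('plus', a, b) and term variables
('var', name).  R is the usual definition of Peano addition and E is the
commutativity of plus, a linear equation whose ~-classes are finite.  The
modulo relation ~R (the paper's black arrow, with no beta here) is implemented
by rewriting any member of the ~-class, nf computes a normal form for it, and
equiv decides joinability by comparing normal forms up to ~, as in the proof.
"""
from itertools import product

ZERO = ('0',)


def S(t):
    return ('s', t)


def PLUS(a, b):
    return ('plus', a, b)


def VAR(name):
    return ('var', name)


# R: Peano addition.  Pattern metavariables are bare strings.
RULES = [
    (PLUS(ZERO, 'X'), 'X'),
    (PLUS(S('X'), 'Y'), S(PLUS('X', 'Y'))),
]


def match(pat, term, subst):
    """First-order matching of pat against term; returns the extended
    substitution or None.  A repeated metavariable must match equal terms."""
    if isinstance(pat, str):
        if pat in subst:
            return subst if subst[pat] == term else None
        return {**subst, pat: term}
    if pat[0] != term[0] or len(pat) != len(term):
        return None
    for p, t in zip(pat[1:], term[1:]):
        subst = match(p, t, subst)
        if subst is None:
            return None
    return subst


def instantiate(rhs, subst):
    """Apply a matching substitution to a rule right-hand side."""
    if isinstance(rhs, str):
        return subst[rhs]
    return (rhs[0],) + tuple(instantiate(a, subst) for a in rhs[1:])


def eq_class(t):
    """The finite ~-class of t: every term obtained by swapping the two
    arguments of any plus node (E = commutativity of plus)."""
    if t[0] == 'plus':
        out = set()
        for a, b in product(eq_class(t[1]), eq_class(t[2])):
            out.add(PLUS(a, b))
            out.add(PLUS(b, a))
        return out
    if t[0] == 's':
        return {S(a) for a in eq_class(t[1])}
    return {t}


def r_steps(t):
    """All one-step R-reducts of t, at the root or at an inner position."""
    out = set()
    for lhs, rhs in RULES:
        sigma = match(lhs, t, {})
        if sigma is not None:
            out.add(instantiate(rhs, sigma))
    if t[0] in ('s', 'plus'):
        for i in range(1, len(t)):
            for u in r_steps(t[i]):
                out.add(t[:i] + (u,) + t[i + 1:])
    return out


def modulo_steps(t):
    """One step of ~R: rewrite any member of the ~-class of t."""
    return {u for t2 in eq_class(t) for u in r_steps(t2)}


def nf(t):
    """A ~R-normal form of t.  The relation terminates here (each step either
    removes a plus or moves an s above a plus; ~ preserves that measure)."""
    while True:
        succ = modulo_steps(t)
        if not succ:
            return t
        t = min(succ, key=repr)  # any reduct works; fix one for determinism


def equiv(t, u):
    """t and u are joinable iff their normal forms are ~-equivalent
    (Theorem 11: t joins u only if nf(t) ~ nf(u); the converse is trivial)."""
    return nf(t) in eq_class(nf(u))


def confluent_on_class(t):
    """Local instance of the ~-confluence-on-~-classes hypothesis at t: every
    one-step reduct of (the class of) t normalizes to ~-equivalent terms."""
    nfs = [nf(u) for u in modulo_steps(t)]
    return all(a in eq_class(b) for a in nfs for b in nfs)


if __name__ == '__main__':
    x, y = VAR('x'), VAR('y')
    # Without commutativity plus(x, s(0)) would be stuck; modulo ~ it becomes s(x).
    print(nf(PLUS(x, S(ZERO))))            # ('s', ('var', 'x'))
    print(equiv(PLUS(x, S(ZERO)), S(x)))   # True
    print(equiv(PLUS(x, y), PLUS(y, x)))   # True: normal forms differ only by ~
    print(equiv(S(x), S(S(x))))            # False
```

Without the equation, $\mathit{plus}(x, s(0))$ would be a normal form distinct from $s(x)$; rewriting modulo $\sim$ normalizes both to $s(x)$, and `equiv` decides conversion by comparing normal forms up to $\sim$, which is exactly the check the proof reduces type-checking to. `confluent_on_class` performs, for one term, the check that the theorem assumes globally; on a system that was not $\sim$-confluent on $\sim$-classes, `nf` would still terminate but `equiv` would no longer be a correct decision procedure.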

Lemma 12. For all relations $R$, if $R$ $\sim$-commutes on $\sim$-classes, that is, $R^{-1}\sim R \subseteq R\sim R^{-1}$, then $\sim R$ is $\sim$-confluent on $\sim$-classes.

Proof. Let $S = \sim R$. Note that $S^{-1}\sim = R^{-1}\sim\sim = R^{-1}\sim = S^{-1}$ and $\sim S = \sim\sim R = \sim R = S$. We prove that $S^{-p}\sim S^n \subseteq S^n\sim S^{-p}$ by induction on $n$.

• Case $n = 0$. By induction on $p$. The case $p = 0$ is immediate. Case $p+1$: $S^{-(p+1)}\sim = S^{-1}S^{-p}\sim \subseteq S^{-1}\sim S^{-p} \subseteq \sim S^{-1}S^{-p}$ since $S^{-1}\sim = S^{-1} \subseteq \sim S^{-1}$.

• Case $n = 1$. By induction on $p$.

- Case $p = 0$. $\sim S = S \subseteq S\sim$.

- Case $p+1$. $S^{-(p+1)}\sim S = S^{-p}S^{-1}\sim S \subseteq S^{-p}S\sim S^{-1} \subseteq S^{-p}\sim S\sim S^{-1} \subseteq S\sim S^{-p}\sim S^{-1} = S\sim S^{-(p+1)}$, where the first inclusion holds since $S^{-1}\sim S = R^{-1}\sim\sim\sim R = R^{-1}\sim R \subseteq R\sim R^{-1} \subseteq S\sim S^{-1}$ by assumption, the third is the induction hypothesis, and the final equality uses $\sim\sim = \sim$ when $p = 0$ and $S^{-p}\sim = S^{-p}$ (from $S^{-1}\sim = S^{-1}$) when $p \geq 1$.

• Case $n+1$ with $n \geq 1$. $S^{-p}\sim S^{n+1} = S^{-p}\sim SS^n \subseteq S\sim S^{-p}S^n \subseteq S\sim S^{-p}\sim S^n \subseteq S\sim S^n\sim S^{-p}$ by the cases $1$ and $n$, and we prove that $S\sim S^n\sim \subseteq S^{n+1}\sim$ by induction on $n$. The case $n = 0$ is immediate. Case $n+1$: $S\sim S^{n+1}\sim \subseteq S\sim S^n\sim S\sim \subseteq S^{n+1}\sim S\sim = S^{n+1}S\sim = S^{n+2}\sim$ since $\sim S = S$. $\square$

Lemma 13. For all relations $R$, if $R$ is $\sim$-confluent on $\sim$-classes then $\sim R$ is $\sim$-confluent on $\sim$-classes.

Proof. If $R$ is $\sim$-confluent on $\sim$-classes, that is, $R^{-*}\sim R^* \subseteq R^*\sim R^{-*}$, then $R^*$ $\sim$-commutes on $\sim$-classes. Hence, by Lemma 12, $\sim R^*$ is $\sim$-confluent on $\sim$-classes. Therefore, $\sim R$ is $\sim$-confluent on $\sim$-classes since $(\sim R)^* \subseteq (\sim R^*)^*$ and $(\sim R^*)^* \subseteq (\sim R)^*\sim$: $(\sim R)^{-*}\sim(\sim R)^* \subseteq (\sim R^*)^{-*}\sim(\sim R^*)^* \subseteq (\sim R^*)^*\sim(\sim R^*)^{-*} \subseteq (\sim R)^*\sim\sim\sim(\sim R)^{-*} = (\sim R)^*\sim(\sim R)^{-*}$. $\square$

Theorem 14. $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes if $\blacktriangleright$ is strongly normalizing, $\mathcal E$ is linear, $\mathcal R$ is locally $\sim$-confluent and $\mathcal R$ is locally $\sim$-coherent.

Proof. We first prove that $\beta \cup \mathcal R$ is $\sim$-confluent on $\sim$-classes. In [15], Huet proves that a relation $R$ is $\sim$-confluent on $\sim$-classes if $R\sim$ is strongly normalizing, $R$ is locally $\sim$-confluent ($R^{-1}R \subseteq R^*\sim R^{-*}$) and $R$ is locally $\sim$-coherent ($\mathcal ER \subseteq R^*\sim R^{-*}$). We take $R = \beta \cup \mathcal R$ and check the conditions. $R\sim$ is strongly normalizing since $\blacktriangleright$ is strongly normalizing and $\beta$ and $\sim$ commute ($\mathcal E$ is linear). Local confluence: $\beta^{-1}\beta \subseteq \beta^*\beta^{-*}$ since $\beta$ is confluent, $\mathcal R^{-1}\beta \subseteq \beta^*\mathcal R^{-*}\beta^{-*}$ as shown after the proof of Lemma 7, and $\mathcal R^{-1}\mathcal R \subseteq \mathcal R^*\sim\mathcal R^{-*}$ by assumption. Local coherence: $\mathcal E\beta \subseteq \beta\mathcal E^* \subseteq \beta\sim$ since $\mathcal E$ is linear, and $\mathcal E\mathcal R \subseteq \mathcal R^*\sim\mathcal R^{-*}$ by assumption.

So, $R = \beta \cup \mathcal R$ is $\sim$-confluent on $\sim$-classes. Therefore, by Lemma 13, $\sim R$ is $\sim$-confluent on $\sim$-classes. We now prove the theorem. We have $\blacktriangleright^* \subseteq (\sim R)^*$ and $(\sim R)^* \subseteq \blacktriangleright^*\sim$ ($\beta$ and $\sim$ commute since $\mathcal E$ is linear). Thus, $\blacktriangleleft^*\sim\blacktriangleright^* \subseteq (\sim R)^{-*}\sim(\sim R)^* \subseteq (\sim R)^*\sim(\sim R)^{-*} \subseteq \blacktriangleright^*\sim\sim\sim\blacktriangleleft^* = \blacktriangleright^*\sim\blacktriangleleft^*$. $\square$



Huet also proves in [15] that $\mathcal R$ is locally $\sim$-confluent iff its critical pairs are $\sim$-confluent, and that $\mathcal R$ is locally $\sim$-coherent if $\mathcal R$ is left-linear and the critical pairs between $\mathcal R$ and $\mathcal E$ are $\sim$-confluent. So, for left-linear $\mathcal R$, $\sim$-confluence on $\sim$-classes is decidable whenever $\blacktriangleright$ is strongly normalizing, $\sim$ is decidable and $\mathcal R \cup \mathcal E$ is finite: it amounts to checking whether the finitely many critical pairs between the rules, and between the rules and the equations (in both directions), are $\sim$-confluent.

Unfortunately, when considering type-level rewriting, confluence is required 
for proving strong normalization. Whether strong normalization can be proved 
by using local confluence only is an open problem. Fortunately, confluence can 
be proved for a large class of rewrite systems without using strong normalization, 
namely the left-linear systems. 

Theorem 15. $\blacktriangleright$ is $\sim$-confluent on $\sim$-classes if $\mathcal E$ is linear, $\mathcal R$ is left-linear and $\mathcal R$ is $\sim$-confluent on $\sim$-classes.

Proof. In [24], Van Oostrom and Van Raamsdonk prove that the combination of two left-linear and confluent Combinatory Reduction Systems (CRS) $H$ and $J$ is confluent if all the critical pairs between the rules of $H$ and the rules of $J$ are trivial. We prove the theorem by taking $H = \mathcal R \cup \mathcal E$ and $J = \beta$, and by proving that $H$ is confluent. Since $\mathcal E^* \subseteq \sim$, we have $H^{-*}H^* \subseteq \sim(\sim\mathcal R)^{-*}(\sim\mathcal R)^*\sim$. Since $\mathcal R$ is $\sim$-confluent on $\sim$-classes, by Lemma 13, $\sim\mathcal R$ is $\sim$-confluent on $\sim$-classes. Therefore, $\sim(\sim\mathcal R)^{-*}(\sim\mathcal R)^*\sim \subseteq \sim(\sim\mathcal R)^*\sim(\sim\mathcal R)^{-*}\sim \subseteq H^*H^{-*}$, so $H$ is confluent. Hence $\to = H \cup \beta$ is confluent and, $\mathcal E$ being linear, Lemma 10 gives the $\sim$-confluence of $\blacktriangleright$ on $\sim$-classes. $\square$

Again, $\mathcal R$ is $\sim$-confluent on $\sim$-classes if $\sim\mathcal R$ is strongly normalizing and $\mathcal R$ is locally $\sim$-confluent and locally $\sim$-coherent, which can be proved by analyzing the critical pairs between the rules and between the rules and the equations (when $\mathcal R$ is left-linear) [15].

7 Conclusion 

In [3, 2], we give general syntactic conditions based on the notion of computability closure for proving the strong normalization of $\beta$-reduction and (higher-order) rewriting. In this paper, we show that the notion of computability closure can also be used for proving the strong normalization of $\beta$-reduction and (higher-order) rewriting modulo (higher-order) equations. It is interesting to note that, in our approach, the introduction of equations does not affect the conditions on rules: although based on the same notion, equations and rules are dealt with separately. Finally, one may wonder whether our method could be extended to Jouannaud and Rubio's Higher-Order Recursive Path Ordering (HORPO) [17, 25], which also uses the notion of computability closure for increasing its expressive power.